package com.panfeng.xcloud.common.security.authentication;

import org.apache.commons.lang3.StringUtils;
import org.springframework.security.web.util.matcher.RequestMatcher;

import javax.servlet.http.HttpServletRequest;

/**
 *
 * oauth2请求匹配器
 *
 * @author xiaobo
 * @version 1.0
 * @since 2018-12-28
 */
public class OAuth2RequestedMatcher implements RequestMatcher {

    @Override
    public boolean matches(HttpServletRequest request) {
        String authorization = request.getHeader("Authorization");
        //判断来源请求是否包含oauth2授权信息,这里授权信息来源可能是头部的Authorization值以Bearer开头,或者是请求参数中包含token参数,满足其中一个则匹配成功
        boolean haveOauth2Token = (StringUtils.isNotEmpty(authorization)) && authorization.startsWith("bearer");
        boolean haveAccessToken = StringUtils.isNotEmpty(request.getParameter("token"));
        return haveOauth2Token || haveAccessToken;
    }
}
